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It is hereby agreed by the Accused, Defense Counsel, and Trial Counsel, that if Ms. 
Florinda White were present to testify during the merits and pre-sentencing phases of this court- 
martial, she would testify substantially as follows: 

1 . I am the Configuration Management Lead for the Distributed Common Ground System Army 
(DCGS-A) program. I graduated with a degree in computer science in 1991 . Thereafter, I 
completed additional courses in computer science. I have experience with Linux and Windows. 
Additionally, I have experience as a programmer, system administrator, network administrator, 
and system engineering. I specialize in computer management, which is a subspecialty of 
systems engineering. From 2005-2010, 1 worked as a contractor on the DCGS-A program for 
which I currently work. As a contractor, I worked as an analyst and in configuration 
management. 

2. Currently, I work for Communications-Electronics, Research, Development and Engineering 
Center (CERDEC) Software Engineering Directorate (SED) at Aberdeen Proving Grounds, 
Maryland. CERDEC is the United States Army information and technologies and integrated 
systems center. SED provides software acquisition and software engineering support to Army 
tactical systems, to include creation of concept, concept development, demonstration of concept, 
production and development, and operations and maintenance, thereby developing and 
supporting software systems throughout their lifecycle. SED also provides information 
assurance and determines the requirements and necessary tools to complete tasks. Software 
products developed by SED supports Army war fighting efforts. DCGS-A is a component of 



3. DCGS-A is the Army's primary system to post data, process information, and disseminate 
intelligence, surveillance, and reconnaissance information about terrain, threats, weather, and 
other information relevant to Servicemembers. DCGS-A is the approved system used by 
intelligence analysts (35F Military Occupational Specialty). DCGS-A provides commanders the 
ability to receive intelligence from multiple sources and intelligence systems. Moreover, DCGS- 
A ensures each piece of approved hardware and software is secure, stable, and compatible with 
existing systems. 

4. As the Configuration Management Lead, I ensure software and hardware for each system 
meets approved specifications and follows approved builds. The approved builds are also known 
as baselines. Each baseline consists of approved software and hardware. The software is 
specifically listed by program and version number. Hardware is specifically approved by type 
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and manufacturer. A specific baseline is described in a Version Description Document (VDD). 
The VDD states each authorized component of a baseline. Any software or hardware not listed 
in the VDD is not authorized and is not part of the baseline. 

5. The baseline is developed through a deliberate process. The Program Manager (PM) of each 
system approves each respective baseline that falls within the PM's system. The baseline is 
tested for stability. Stability means that the system itself is stable and that the system is stable 
when interacting with other approved systems. Stability is important because the computer 
system completes important tasks for Servicemembers and the system must work at all times, 
especially in a deployed environment. The baseline is also tested for security. Security means 
the system is secure by itself and when it interacts with other approved systems. Security is 
important because some of the computer systems contain classified information. The 
information is used by Servicemembers to complete their missions, and the systems maintain 
security so only authorized users can access the information. Ensuring stability and security 
requires extensive testing. Each new baseline is accredited, and any changes to the baseline 
must be certified after undergoing the vetting process. 

6. Any change to the baseline requires new testing of the new baseline because a single change 
can affect a system's security or its stability. The process to make changes to the baseline begins 
when a user submits a request identifying requested capabilities. After a request has been 
submitted, the request goes before the Engineer Review Board (ERB). The ERB is comprised of 
subject matter experts, engineers, and testers. The ERB analyzes and assesses the requested 
changes for effectiveness and costs. The ERB also assesses any effect the requested change 
could have on the network. The ERB provides a recommendation based on its conclusions and 
testing to the Configuration Control Board (CCB). The CCB is comprised of configuration 
subject matter experts, engineers, and the relevant PM. The CCB then makes a final 
determination based on the effectiveness and cost. Changes to the baseline can be approved in 3 
days up and to 1 year depending on the complexity of the system and the nature of the requested 
change. The process has been designed to maintain system security and stability. 

7. After a baseline has been approved, a computer image is created. This computer image is 
installed onto approved systems. An image is used to ensure that each system receives exactly 
the same software. Using the same image ensures that the DCGS-A program only tests one 
image instead of testing each system. This increases the likelihood the software will comport 
with the approved baseline. 

8. Prosecution Exhibit (PE) 9 is the VDD. PE 9 describes the baseline for a Basic Analyst 
Laptop (B AL). I am familiar with the VDD in PE 9 and other VDDs because I work with them 
daily in my position as the Configuration Management Lead. As the Configuration Management 
Lead, I inspect images to ensure the image meets the standards set forth in the baseline. I check 
each program individually to ensure it is the correct program and specifically the correct version 
of the program. Any software not approved in the baseline, as reflected in the VDD, is not 
authorized. Specifically, even if a software program is authorized, the program cannot be added 
to the image unless it is an approved version from approved source. That is, the approved 
version of the program must be obtained from an authorized source. Programs obtained from 
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unauthorized sources, such as the Internet, could obtain viruses, Trojan horses, or other malware 
that would jeopardize both system security and stability. 



9. Wget is a computer program that retrieves content from web servers, and is part of the GNU 
Project. Wget supports downloading via HTTP, HTTPS, and FTP protocols, which are common 
protocols used on the internet for webpages. Wget is a free network utility commonly used to 
retrieve files from the internet. It has been designed for robustness over slow or unstable 
network connections. If a download does not complete due to a network problem, Wget will 
automatically try to continue the download from where it left off, and repeat this until the whole 
file has been retrieved. Wget is non-interactive in the sense that once started, it does not require 
user interaction. To my knowledge, Wget has never been authorized as part of any DCGS-A 
baseline, nor has it been requested for approved use. As such, Wget has never been reviewed by 
our program and I cannot say whether it would be approved for use or not. The VDDs created 
for V3.0P17, V3.QP18, V3.1P3 each did not authorize Wget on a DCGS-A computer or for it to 
be used by a DCGS-A user. 
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